You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current implementation does not respect empty values, but falls through checking an empty string for being writable.
Proposed fix
Catch Configuration Exceptions and present them properly
Only check writable dirs if session_save_path() is defined
This fixes the problem, for example:
$sessionSavePath = session_save_path();
if (session_module_name() === 'files' && defined($sessionSavePath) && !is_writable($sessionSavePath)) {
throw new ConfigurationError("Can't save session, path '$sessionSavePath' is not writable.");
}
Updated by elippmann on 2015-04-07 07:19:22 +00:00
Subject changed from _Uncaught exception on empty session_save_path() _ to _Uncaught exception on empty session.save_path() _
Target Version set to 2.0.0-rc1
The proper fix here is to set the $sessionSavePath to sys_get_temp_dir() if it's the empty string before checking whether the path is writable. I added a related issue for the insecure path part. Thanks for the report Michi.
This issue has been migrated from Redmine: https://dev.icinga.com/issues/8994
Created by mfriedrich on 2015-04-04 13:20:59 +00:00
Assignee: (none)
Status: Resolved (closed on 2015-04-22 15:30:03 +00:00)
Target Version: 2.0.0-rc1
Last Update: 2015-04-22 15:30:03 +00:00 (in Redmine)
Problem
I am currently refactoring icinga-vagrant.git using different puppet modules. Now I forgot to properly define the php session path in these modules.
Apparently Icinga Web 2 (php-Icinga) throws an uncaught exception for that - this should be something more readable on-screen imho.
http://stackoverflow.com/questions/12719096/understanding-session-save-path-as-no-value-and-security
The current implementation does not respect empty values, but falls through checking an empty string for being writable.
Proposed fix
This fixes the problem, for example:
Changesets
2015-04-22 15:26:15 +00:00 by aklimov 9cd7765
Relations:
The text was updated successfully, but these errors were encountered: